Nessus Plugin #16308
Note: This file has been created from a downloaded version of the Nessus Plugins from http://www.nessus.org/. Therefore, the information here can be outdated.
DeskNow Mail and Collaboration Server Directory Traversal Vulnerabilities
- Family: CGI abuses
- Category: infos
- Copyright: This script is Copyright (C) 2005 Noam Rathaus
- Summary: Checks for the presence of an old version of DeskNow
- Version: $Revision: 1.1 $
- Cve_id: -
- Bugtraq_id: 12421
- Xrefs: -
- Description:
DeskNow Mail and Collaboration Server is a full-featured and integrated
mail and instant messaging server, with webmail, secure instant
messaging, document repository, shared calendars, address books,
message boards, web-publishing, anti-spam features, Palm and
PocketPC access and much more.

A directory traversal vulnerability was found in the DeskNow webmail
file attachment upload feature that may be exploited to upload
files to arbitrary locations on the server. A malicious webmail
user may upload a JSP file to the script directory of the server
and execute it by requesting the URL of the uploaded JSP file.

A second directory traversal vulnerability exists in the document
repository file delete feature. This vulnerability may be exploited
to delete arbitrary files on the server.

Solution : Upgrade to DeskNow version 2.5.14 or newer
Risk factor : Medium
Generated on 27.04.2005 at 18:49:54.